Re: [Nmlrg] Machine Learning in network - solicitation for use cases

"Dacheng Zhang" <dacheng.zdc@alibaba-inc.com> Mon, 07 September 2015 01:52 UTC

Date: Mon, 07 Sep 2015 09:52:38 +0800
From: "Dacheng Zhang" <dacheng.zdc@alibaba-inc.com>
To: Sheng Jiang <jiangsheng@huawei.com>, "nmlrg@irtf.org" <nmlrg@irtf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/nmlrg/P6-g2QI-o1Bb0L6WT76G0GkPZDM>


On 15-9-6, 5:01 PM, "Sheng Jiang" <jiangsheng@huawei.com> wrote:

>>Some more detailed introduction.
>>
>>DDoS and APT are very active research topics. Application layer DDoS
>>attacks are more difficult to detect than layer 4 DDoS attacks. In many
>>cases, the application layer DDoS does not introduce a large amount of
>>traffic. However, by using big data and data mining tech, it is possible
>>to find out the clues of such attacks.
>
>Hi, Dacheng,
>
>Applying machine learning in DDoS protection is an interesting use case. From
>my understanding, the machine would learn the potential attack behaviors,
>am I right?

Yes, you are right.
>
>If yes, I have two questions: a) does machine learning have the
>possibility to learn/identify new attack behaviors, which were not
>recognized before? If yes, what are the working principles?

Normally we need to generate a normal behavior model and some “abnormal
behavior models”; the machine will detect whether certain behavior of a
client is located in an ‘abnormal’ area.
I need to check with my colleagues to see whether we could disclose more
detailed information for the moment.

> b) is an autonomic reaction possible from the network operational
>perspective after detecting such a DDoS attack? Given that machine learning may
>not be accurate, my guess is human intervention is needed.

In current practice, the machine learning procedure is normally offline.
1) machine learning may not be very accurate. 2) big data processing
needs time and computing resources.  Human involvement is required.

Looking forward to future discussion on this topic.

Cheers

Dacheng

>
>Best regards,
>
>Sheng
>
>>There were some related discussions in Dots. If you are interested, I
>>could find them out later.
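
An added example, not part of the original message and not the poster's method: an offline sketch of the "normal behavior model" idea from the thread, in which a low-volume client can still fall in the abnormal area and is queued for human review. The feature set, the `/search` endpoint, the threshold of 3.0 and all log records are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

EXPENSIVE = "/search"  # assumed costly endpoint (hypothetical)

def features(records):
    """(request count, share of requests to EXPENSIVE, distinct paths) per client."""
    paths = defaultdict(list)
    for client, path in records:
        paths[client].append(path)
    return {c: (len(p), p.count(EXPENSIVE) / len(p), len(set(p)))
            for c, p in paths.items()}

def fit_normal_model(vectors):
    """Mean and standard deviation of each feature over known-good clients."""
    cols = list(zip(*vectors))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return means, stds

def score(vec, model):
    """Distance from the normal model: Euclidean norm of per-feature z-scores."""
    means, stds = model
    return math.sqrt(sum(((x - m) / s) ** 2 for x, m, s in zip(vec, means, stds)))

def review_queue(baseline, window, threshold=3.0):
    """Clients in the 'abnormal' area, highest score first, for an analyst to review."""
    model = fit_normal_model(list(features(baseline).values()))
    scored = {c: score(v, model) for c, v in features(window).items()}
    return sorted(((c, round(s, 2)) for c, s in scored.items() if s > threshold),
                  key=lambda cs: -cs[1])

def _log(client, paths):
    """Build constructed (client, path) records from a space-separated path list."""
    return [(client, p) for p in paths.split()]

# Constructed sample data (not real traffic): known-good clients for the baseline.
BASELINE = (_log("b1", "/ /item /search /cart")
            + _log("b2", "/ /item /item /search /cart /pay")
            + _log("b3", "/ /search /item")
            + _log("b4", "/ /item /item /item /search")
            + _log("b5", "/ /search /search /item /cart /pay /item"))
# Constructed window to score: c-slow sends only 8 requests, all to EXPENSIVE.
WINDOW = _log("c-ok", "/ /item /search /cart") + _log("c-slow", "/search " * 8)

if __name__ == "__main__":
    print(review_queue(BASELINE, WINDOW))
```

The output is a review list rather than a block action, matching the offline, human-in-the-loop practice described in the reply.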